<?php   // $Id: users_edit_suite.php 234 2008-07-06 21:49:31Z pcoustillas $ ?>
<?php   
/*Copyright (C) 2003-2004 Guy Hendrickx
Licensed under the terms of the GNU  General Public License:http://www.opensource.org/licenses/gpl-license.php
File Authors:Guy Hendrickx 
Modification : Pierre Coustillas*/

require_once("include/config/common.php");
require_once("include/verif.php");
require_once("include/language/$lang.php");

// Form fields consumed by this script. Each name below becomes a global
// variable of the same name holding the raw POST value, or "" when the field
// is absent. The values are untrusted: nothing in this step validates or
// escapes them.
// The variable-variable assignment is driven by this fixed literal list, never
// by the request's own keys, so a client cannot define other variables.
$champs_formulaire = array(
	// account identity and credentials
	'login2', 'pass', 'nom', 'prenom', 'mail', 'pass2', 'num_user',
	// requested operation ("new" and "modif" are the values tested further down)
	'action',
	// flags stored per user (presumably access rights - confirm against the schema)
	'dev', 'com', 'fact', 'dep', 'stat', 'art', 'cli', 'admin',
);
foreach ($champs_formulaire as $champ_formulaire) {
	$$champ_formulaire = isset($_POST[$champ_formulaire]) ? $_POST[$champ_formulaire] : "";
}
unset($champs_formulaire, $champ_formulaire);

/* if ($admin == y) { 
	$dev = "y";
	$com = "y";
	$fact = "y";
	$dep = "y"; 
	$stat = "y";
	$art = "y";
	$cli = "y";
}*/

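// ---- Input validation ----------------------------------------------------
// NOTE(review): nothing visible in this script checks that the caller may
// manage accounts, or that the POST carries an anti-CSRF token. Presumably
// include/verif.php enforces the session check - confirm that it also limits
// this page to administrators, since the request can set the `admin` flag.

// $action comes from the request and the messages contain spaces and accents.
// Both are URL-encoded so they cannot add or alter query parameters in the
// redirect and so the Location value is a valid URL.
$url_formulaire = "users_edit.php?action=" . urlencode($action) . "&msg=";

// Login and name are mandatory for creation and modification alike.
if ($login2 == '' || $nom == '')
{
	header("Location: " . $url_formulaire . urlencode($lang_oublie_champ));
	exit;
}

// Every request that is not a modification ends in the INSERT branch further
// down, so the password is required for all of them. Testing only for
// action == "new" let any other action value create an account whose stored
// password is the hash of the empty string.
if ($action != "modif" && ($pass == '' || $pass2 == ''))
{
	header("Location: " . $url_formulaire . urlencode($lang_oublie_champ));
	exit;
}

// The password and its confirmation must match in every case. Strict
// comparison is required: with a loose comparison two different numeric-looking
// strings (e.g. "1e3" and "1000") are treated as equal.
if ($pass !== $pass2)
{
	header("Location: " . $url_formulaire . urlencode("Erreur les deux mots de passe ne correspondent pas."));
	exit;
}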

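// ---- Build and run the write query -----------------------------------------
// Every value placed in the SQL below comes straight from $_POST, so each one
// is escaped for the current connection before it is concatenated into a
// quoted literal. The legacy mysql_* API used by this file has no bound
// parameters; escaping is the strongest option available without changing the
// database layer.
// NOTE(review): assumes include/config/common.php has opened the connection
// (mysql_query is called without a link) and that no earlier layer already adds
// slashes (magic_quotes_gpc or a manual addslashes) - if one does, values would
// be escaped twice; confirm.
$v = array_map('mysql_real_escape_string', array(
	'login2'   => $login2,
	'nom'      => $nom,
	'prenom'   => $prenom,
	'mail'     => $mail,
	'dev'      => $dev,
	'com'      => $com,
	'fact'     => $fact,
	'dep'      => $dep,
	'stat'     => $stat,
	'art'      => $art,
	'cli'      => $cli,
	'admin'    => $admin,
	'num_user' => $num_user,
));

// NOTE(review): unsalted MD5 is not suitable for password storage. It is kept
// here because the stored format must match whatever the login check (not in
// this file) computes; moving to password_hash()/password_verify() has to change
// both sides together and needs a wider `pwd` column - confirm the schema.
// md5() returns hexadecimal only, so the digest needs no escaping.

if ($action == "modif")
{
	// Columns updated on every modification.
	$affectations = "`nom` = '" . $v['nom'] . "', "
		. "`prenom` = '" . $v['prenom'] . "', "
		. "`email` = '" . $v['mail'] . "', "
		. "`dev` = '" . $v['dev'] . "', "
		. "`com` = '" . $v['com'] . "', "
		. "`fact` = '" . $v['fact'] . "', "
		. "`dep` = '" . $v['dep'] . "', "
		. "`stat` = '" . $v['stat'] . "', "
		. "`art` = '" . $v['art'] . "', "
		. "`cli` = '" . $v['cli'] . "', "
		. "`admin` = '" . $v['admin'] . "'";

	// The password is only rewritten when a new one was typed.
	if ($pass != '') {
		$pass_crypt = md5($pass);
		$affectations = "`pwd` = '" . $pass_crypt . "', " . $affectations;
	}

	$sql = "UPDATE " . $tblpref . "user SET " . $affectations
		. " WHERE `num` = '" . $v['num_user'] . "'";
} else {
	// User creation: refuse a login that is already taken.
	// NOTE(review): this check-then-insert is not atomic; a UNIQUE index on
	// `login` would be the actual guarantee - confirm the schema has one.
	$sql = "SELECT * FROM " . $tblpref . "user WHERE login = '" . $v['login2'] . "'";
	$req = mysql_query($sql);
	if (!$req) {
		// Keep the driver error server-side; the browser gets no SQL text.
		error_log('users_edit_suite: ' . mysql_error());
		die('Erreur SQL !');
	}
	$nb_login = mysql_num_rows($req);
	if ($nb_login > 0)
	{
		// Send the user back to the edit form with the error message.
		header("Location: users_edit.php?action=" . urlencode($action) . "&msg=" . urlencode("Erreur le login existe déjà."));
		exit;
	}

	$pass_crypt = md5($pass);
	$sql = "INSERT INTO " . $tblpref . "user (login, pwd, nom, prenom, email, dev, com, fact, dep, stat, art, cli, admin) VALUES ('"
		. $v['login2'] . "', '" . $pass_crypt . "', '" . $v['nom'] . "', '" . $v['prenom'] . "', '" . $v['mail'] . "', '"
		. $v['dev'] . "', '" . $v['com'] . "', '" . $v['fact'] . "', '" . $v['dep'] . "', '" . $v['stat'] . "', '"
		. $v['art'] . "', '" . $v['cli'] . "', '" . $v['admin'] . "')";

}

// The failing statement contains the password digest and the table layout, so
// it is no longer echoed to the client; only the driver error goes to the log.
if (!mysql_query($sql)) {
	error_log('users_edit_suite: ' . mysql_error());
	die('Erreur SQL !');
}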


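// ---- Redirect to the user list with a status message -----------------------
// $nom is request data: the whole message is URL-encoded so a name containing
// '&', '#', spaces or accents cannot break or extend the redirect URL.
// NOTE(review): users_lister.php presumably prints `msg`; it must HTML-escape
// the value on output - confirm there.
if ($action == "modif")
{
	$message = "Modification de " . $nom . " effectué avec succès.";
} else {
	$message = "Ajout de " . $nom . " effectué avec succès.";
}
header("Location: users_lister.php?msg=" . urlencode($message));
exit;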

 ?> 
